Security News > 2020 > June > U.S. Officials Ask Juniper Networks About Investigation Into 2015 Backdoor
More than a dozen U.S. officials have sent a letter to California-based networking and cybersecurity solutions provider Juniper Networks to ask the company about the results of the investigation launched in 2015 following the discovery of a backdoor in its products.
Dual EC DRBG was known to contain a backdoor introduced by the NSA, which led some to speculate that the NSA may have planted the unauthorized code in Juniper products, while others said it could have been the work of a foreign government.
Juniper had been aware of the security risks posed by the use of Dual EC DRBG and it had not used it as its primary PRNG. In addition, the company made some changes that should have mitigated risks, but the unauthorized code enabled the backdoor and made it possible to launch attacks.
A group of three senators and 13 members of the U.S. House of Representatives announced on Wednesday that they have sent a letter to Juniper Networks in an effort to find out what the company learned from its investigation into what the officials described as "Secret government backdoors."
"The American people - and the companies and U.S. government agencies that trusted Juniper's products with their sensitive data - still have no information about why Juniper quietly added an NSA-designed, likely-backdoored encryption algorithm, or how, years later, the keys to that probable backdoor were changed by an unknown entity, likely to the detriment of U.S. national security."